Secure servers are sensitive devices, which monitor various external and internal parameters to ensure that the security offered by the secure server is not compromised. For instance, in the case of an electrical power outage, an ideal secure server would determine whether a power outage occurred, or whether the secure server has been tampered with. Absent this feature, the secure server will assume tampering and will, therefore, block further operations. In order to ensure security of servers, a standard has been developed setting out what is typically required to maintain system security. The Federal Information Processing Standard 140-1 (FIPS 140-1) has several levels of standard security. For FIPS 140-1 level 3 compliance (FIPS 140-1/L3), a physical presence of the authenticating individual is required. This standard is met, for example, by requiring a biometric, a secure physical key, or both in order to authenticate. The physical key is typically stored in a safe place, such as a safety deposit box or vault. Often these “safe” places are not accessible 24 hours a day, 7 days a week.
Of course, since the security officer must be present to re-authenticate to the server in order to commence operation thereof, this employee cannot travel or be far from the office. The more employees are authorised to re-initialise the server, the greater is the potential security threat. As such, a small number of employees, who qualify under high-level security clearance, is preferred. Further, and of greater concern, the officer is greatly inconvenienced every time there is a power outage. With power problems in some places being a significant occurrence, this inconvenience may become a key issue in locating businesses or in the selection of a lesser level of security.
In secure servers supporting FIPS 140-1/L3, a form of protection is built in, which requires that they be re-initialized by a security officer—typically a high security level employee—once power is restored. This step is commonly referred to as primary authentication. The re-initialization allows the security officer to verify the system so as to ensure that tampering has not occurred. Typically, when such an event occurs, the security officer receives a call from a security guard of the company asking him to come to the company in order to achieve full secure system recovery such that secure server functionality is re-established. Of course, this type of event is likely to occur at any time, including the most inconvenient times of the day or year, such as in the middle of the night during a snowstorm in winter. Disruptions in functioning of the security server are costly to the company.
In U.S. Pat. No. 6,317,028 to Valiulis, issued Nov. 13, 2001, a personal computer is utilized to coordinate security features. The personal computer periodically transmits a security code over the electric power distribution network to maintain all appliances coupled thereto in an operational state. Such an application fails to meet FIPS 140-1/L3, since another computer authenticates all devices automatically. Clearly, the condition that human authorization is required to initiate secure services on each computer is not met. Tampering with the authentication computer results in a security breach on every computer implemented with such architecture.
U.S. Pat. No. 4,908,608, to Reinke et al., issued Mar. 13, 1990, discloses a computer alarm system that is mounted on an integrated circuit card slidably installed within an empty expansion slot, standard on most computers. The prior art teachings are illustrated in FIG. 1. The alarm system sounds an alarm when the computer's power supply is interrupted or shut off, or when the computer is physically moved, causing horizontal or vertical level sensing switches to close. Unfortunately, the alarm system does not reduce the overall inconvenience to the high security level individual.
It would be advantageous to have at one's disposal a security system that meets FIPS 140-1/L3, and at the same time does not always rely on an in-person re-authentication to restart the server after, for example, a power outage has occurred. Such a system, once a security officer has performed a primary authentication according to FIPS 140-1/L3, should be able to perform a re-authentication or secondary authentication without the need of a security officer being present in some predetermined circumstances.